
Virus Profile: BackDoor-FIT

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 10/10/2012
Date Added: 10/10/2012
Origin: Unknown
Length: varies
Type: Trojan
Subtype: Remote Access
DAT Required: 6861

Description

BackDoor-FIT is a remote access trojan written in .NET which is designed to open a backdoor and allow attackers to issue commands to control the compromised machines.

Indication of Infection

  • Presence of the registry key listed under Virus Characteristics
  • Presence of network connections to the sites listed under Virus Characteristics

Methods of Infection

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial. Trojans may also be received as a result of poor security practices, or unpatched machines and vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroup postings, etc.

   

Virus Characteristics

Upon execution, the trojan modifies the following registry key:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    "filename" = "filepath to trojan"
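Because the profile gives no fixed value name or path for the Run entry, a triage pass over the key has to look at what each entry points to. The following PowerShell sketch is an added example, not McAfee's tooling: it lists the current user's Run entries and marks those whose target is a .NET executable without a valid Authenticode signature. The function names `Get-TargetPath` and `Test-ManagedAssembly` are hypothetical helpers, and a marked entry is a lead for review, not a verdict.

```powershell
# Added example (not vendor code): triage HKCU Run entries that point to
# .NET executables, since BackDoor-FIT is described as a .NET trojan.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-TargetPath {          # hypothetical helper
    param([string]$CommandLine)
    # Run values are command lines: take the quoted path, else text up to the first .exe
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return $expanded.Trim()
}

function Test-ManagedAssembly {    # hypothetical helper
    param([string]$Path)
    # GetAssemblyName throws (e.g. BadImageFormatException) for native files
    try   { [void][System.Reflection.AssemblyName]::GetAssemblyName($Path); return $true }
    catch { return $false }
}

$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if (-not $key) { Write-Output 'No Run key found for the current user.'; return }

$findings = foreach ($name in $key.GetValueNames()) {
    $path = Get-TargetPath ([string]$key.GetValue($name))
    if ([string]::IsNullOrWhiteSpace($path) -or
        -not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Entry points at nothing on disk: report it, but there is no file to inspect
        [pscustomobject]@{ Name = $name; Path = $path; Managed = $null
                           Signature = 'FileMissing'; Review = $false }
        continue
    }
    $managed = Test-ManagedAssembly $path
    $sig     = (Get-AuthenticodeSignature -LiteralPath $path).Status
    [pscustomobject]@{
        Name      = $name
        Path      = $path
        Managed   = $managed
        Signature = $sig
        # Managed and not validly signed: worth a closer look, not proof of infection
        Review    = ($managed -and $sig -ne 'Valid')
    }
}

$findings | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```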

The trojan attempts to connect to the following site and waits for commands:

  • sysdeck.[Removed].me

The backdoor has the following functions:

  • List Files/Directories
  • Add/Modify/Remove Files/Directories
  • Create processes
  • Spawn hidden iexplorer.exe
  • Download/upload files
  • Log keystrokes/mouse actions
  • Capture screenshots

The backdoor also connects to the following Japanese BBS site:

  • http://jbbs.livedoor.jp/

 

 
   

Removal Instructions

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

   
